One of the key flaws with the data retention schemes being proposed by the UK and elsewhere, supposedly to catch terrorists and serious criminals, is that they won’t work. It is trivially easy to avoid surveillance by using encrypted connections, for example those provided by The Onion Router (Tor). This means that the only people who are likely to end up being spied on are innocent members of the public.
According to this article in Crikey, the secret services in Australia have apparently woken up to this fact; but rather than convince their government that data retention is therefore an expensive and intrusive waste of time, they have decided to take the damage to the next level:
In a major admission, the Attorney-General’s Department has revealed Australia’s intelligence and law enforcement agencies are seeking the legal power to break into internet routing encryption services such as Tor, after admitting the centerpiece of its proposed national security reforms, data retention, will be “trivially easy” to defeat.
This is, of course, an incredibly stupid idea, for reasons that one of Tor’s developers, Jacob Appelbaum, explains well in the Crikey piece:
“If they wish to break such [encrypted] services, they ensure that when they use such services, they will also be insecure — this ensures again that only criminals will have privacy, regular people — including the police fighting crime — they will be left out of having strong privacy. This opens business people up to industrial and economic espionage. It also promotes the idea that to make ourselves more secure, we should weaken our networks and add the very backdoors that most attackers work day and night to create,” he said.
The plan to create detailed, centralized stores of high-value information about people’s Internet and telephone usage already exposes the public to an elevated risk of having personal information accessed and misused. Moving beyond that to break key encrypted Internet services like Tor and virtual private networks (VPNs) would deal another serious blow to online privacy and business confidentiality.